earn 




Speed Stream* 5940 T1 Business Gateway 



The voice and data integrated solution 



Built for Business 

A steady decline in T1 tariffs has made these services 
affordable for two new markets: small and medium 
businesses (SMBs) and enterprise branch offices. 
With T1 access, SMBs and enterprise branch offices 
can increase competitiveness by interconnecting sites, 
deploying productivity-enhancing applications, and taking 
advantage of applications like Voice over IP (VoIP) and 
videoconferencing. 

Now service providers can cost-effectively provision and 
manage services for SMBs and enterprise branch offices, 
with the SpeedStream 5940 T1 Business Gateway. Installed 
at the customer premises, the SpeedStream 5940 T1 
Business Gateway delivers high-speed Internet access 
and site-to-site communications. It also enables managed 
services such as firewalls and Virtual Private Networks 
(VPNs), IP Quality of Service (QoS), and high availability. 
SMBs need these services but, unlike enterprise customers, 
typically don't have the necessary IT resources to manage 
them. By offering managed services, the service provider 
adds value, strengthens the customer relationship, and 
positions itself to provide turnkey networking solutions, 
including equipment as well as services. 1 

Incorporating the latest technological advances, the 
SpeedStream 5940 T1 Business Gateway combines the 
functions of a T1 channel service unit/data service unit 
(CSU/DSU), ICSA-compliant firewall, VPN security appliance, 
full-featured router, integrated dial backup modem, and 
8-port 1 0/1 OOBase-T managed Ethernet switch — all in 
a single chassis and at a breakthrough price point. The 
feature-rich operating system enables service providers to 
provision and manage all value-added services remotely, 
from a single interface, speeding service activation and 
eliminating the expense of on-site installation. 



Enterprise-grade features for small and 
medium businesses 

With the SpeedStream 5940 T1 Business Gateway, service 
providers can offer multiple managed services at the time 
of service introduction. They can start with one or two 
and add others later, gradually increasing service revenue. 
Potential managed services include: 

> Security — The service provider can deploy VPNs and 
firewalls for SMBs that don't have an IT staff, or whose IT 
staff prefers to outsource this service. 

> IP Quality of Service (QoS) — By differentiating between 
types of IP traffic and giving priority to the most 
urgent or time-sensitive, the service provider can offer 
premium services such as managed VoIP and managed 
videoconferencing. 

> High availability — The SpeedStream 5940 T1 Business 
Gateway supports high availability with a redundant 
configuration option and dial backup functionality. The 
gateway instantly detects if the T1 line is unavailable and 
automatically establishes a backup connection with 

the service provider. 

Breakthrough price 

Unlike modular solutions designed to support multiple 
access technologies, the 5940 T1 Business Gateway is 
optimized for secure, managed T1 access. By focusing 
only on T1 — and eliminating the costs of purchasing, 
integrating, and managing separate devices for CSU/DSU, 
firewall, VPN, router, and switch — the SpeedStream 5940 
Business Gateway makes T1 services affordable for SMBs 
and profitable for service providers. 



1 . A recent Cahners In-Stat survey of telecom decision makers reports that more than half of businesses with fewer than 1 00 
employees would consider buying telecom equipment from a service provider. 
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Figure 2: SpeedStream 5940 T1 Business Gateway user 
interface. 
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Value-Added Services 



The IP Quality of Service (QoS) and security 
features in the SpeedStream 5940 T1 
Business Gateway enable service providers 
to offer managed data networking services 
that meet the business requirements 
of SMB and enterprise branch office 
customers. For example, consider a 
prospective customer with three offices 
across the state, IP PBX systems in two 
offices, and dial-up Internet access. This 
company would be motivated to reduce 
the costs of site-to-site communications, 
gain high-speed Internet access, and take 
advantage of productivity-enhancing 
communications applications such as 
videoconferencing (figure 1). 

By deploying the 5940 T1 Business 
Gateway at the customer premises and 
managing it from a central location, the 
service provider could offer: 

>T1 access 

> Firewall management — either a basic 
business firewall or ICSA-compliant 
stateful inspection firewall for enterprise- 
grade security 

> VPNs with support for Internet Protocol 
Security (IPSec) with Internet Key 



Exchange (IKE), Triple Data Encryption 
Standard (3DES), Layer 2 Tunneling 
Protocol (L2TP), and L2TP inside of IPSec 

> Premium network access for VoIP traffic 

> VoIP for site-to-site communications 

> Internet videoconferencing 

By delivering managed T1 services, the 
service provider gains new customers, 
reduces churn, and delivers valuable 
services for which customers are willing to 
pay a premium. 

Flexible, secure management 

Ease of management directly affects 
service profitability. The SpeedStream 
5940 T1 Business Gateway supports 
role-based management, giving the service 
provider the flexibility to decide which 
functions the customer can access and 
which remain under the service provider's 
exclusive control (figure 2). The ability 
to maintain users and roles centrally, 
in a RADIUS database, reduces the 
management burden as the service grows. 
Simple, secure management enables the 
service provider to introduce T1 services 
for SMBs and enterprise branch offices 
more quickly, begin earning revenues 
sooner, and scale rapidly. 
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Figure 1 : Multi-location SMB using the SpeedStream 5940 for T1 access, firewall, VPN, and advanced applications. 



Feature 



Benefit 



Enterprise-Grade Security 

Basic Business Firewall 



ICSA-Compliant Stateful Inspection Firewall 

Secure Virtual Private Network with IPSec, IKE, DES, AND 
3DES encryption 



Secures users' networks from suspicious packets and denial of service attacks 
with four preset easy-to-implement configurations, customization 
capabilities, and detailed event logs 

Provides enterprise-grade security to users who need further assurance for 
business sensitive data and applications 

Secures the datapath from interception, examination, alteration or 
corruption by authenticating and encrypting data for all authorized 
network clients 



VPN Accelerator 



Maximizes IPSec 3DES VPN performance 



Powerful, Secure Management 

Remote and local management 



Secure management 



Role-based management 



RADIUS management authentication 



Maximizes opportunities for managed services by providing tools to allow 
management over SNMP, Telnet, HTTP, or the console port. On-board 
scripting engine simplifies development of standard configuration scripts for 
mass-deployment 

Protects administrative access and communications with IPSec and SSH for 
authentication and encryption 

Enables multi-level managed services by restricting the ability to view or 
change the configuration with up to 4 different predefined roles (up to 1 5 
user names in the local database) 

Reduces the cost of management by authenticating administrators in a 
single database 



IP Quality of Service 

Weighted Fair Queuing (WFQ) 
DiffServ 



Enables value-added services by optimizing router throughput based on 
real-time or other latency sensitive traffic types 

Enables differentiated services and SLAs by optimizing end-to-end 
throughput based on traffic types 



High Availability 

Integrated dial backup modem 

Virtual Router Redundancy Protocol (VRRP) 



Simplifies contingency management and maximizes uptime by allowing 
users to automatically connect to the Internet if the T1 connection or IP 
datapath fails 

Maximizes uptime by automatically rerouting traffic to an alternate router if 
the WAN link or IP datapath fails 



Simplified Deployment 

Easy diagnostics 



Network address translation (NAT/NAPT) 



Simplifies self-installation by allowing users to access critical information to 
troubleshoot and correct issues without on-site technical help 

Simplifies IP address assignment by hiding the address information of the 
end-user's local network 



8-port 10/1 00BASE-T Ethernet switch 



Provides optimal LAN connectivity and performance 



Reliable Investment 

Single, integrated solution 

Platform and operating system independent 



Provides a single point of management which minimizes deployment, 
support costs, and space required 

Reduces the cost of operations, due to interoperability with the 
IEEE 802.3 standards 



Software Features 

Security 

Secure Monogement 

• User authentication (PAP/CHAP) with PPP (RFC 1 334, 
RFC 1994) 

• Password control for configuration manager 

• SNMP community name reassignment 

• Telnet/SNMP port reassignment/Access Control List 

• Role-based management 

- Four pre-configured templates 

- Up to 1 5 user names stored in the local database 

• RADIUS management authentication support 

• SSH and IPSec secure management channels 

Basic Business Firewall 

• Filter on source and/or destination IP address/port value 

• Filter on SYN, ACK flags and ICMP 

• Apply input, output, transmit, and receive filters on 
each interface 

• Stateful inspection when NAT is enabled 

• Logging and scripting 

ICSA-Compliant Stateful Inspection Firewall 

• Provides enterprise-grade firewall protection from 

- Common Denial of Service (DoS) attacks and 
exploits including Killwin, Land, Ping of Death, 
Smurf, Teardrop, Tiny Fragments, and WinNuke 

- Distributed Denial of Service (DDoS) attacks 
including ICMP, SYN and UDP floods 

- Other hacking attacks including IP address 
sweeping, IP spoofing, port scanning 

• Opens ports to serve legitimate requests and 
automatically closes them when the request or 
session ends 

• Full-time Stateful Packet Inspection with built-in 
support for most popular applications 

• No pre-defined limit on the number of rules that can be 
created and applied 

• All firewall messages can be logged to the router 
console and to syslog servers 

• Maintains a log of the most recently dropped packets in 
the browser-based user interface 

Secure Virtual Private Networking 

• L2TP, IPSec, and L2TP inside of IPSec 

• No pre-defined limit on VPN tunnels 

• IPSec Tunnel and Transport modes with AH and ESP 

• Internet Key Exchange (IKE) including Aggressive Mode 

• DES (56-bit) and 3DES (1 68-bit) encryption 

• Supports Perfect Forward Secrecy (DH Groups 1 and 2) 

• Provides protection from replay attacks 

• Implements RFCs 1321,1 828, 1 829, 2085, 21 04, 
2401-2410, 2412, 2420, 2437, 2451, and 2631 
(Groups 1 and 2) 

Configuration, Management 
and Monitoring 

• Easy setup through a browser-based user interface 

• Configuration and management using HTTP, serial 
console, SNMP, SSH, or Telnet 

• Out-of-band configuration and management using 
serial console port 

• Supports dedicated routed management PVC in bridged 
and routed mode 

• TFTP download/upload of new software, configuration 
files, and scripts 



• Stores backup copy of firmware on dual bank flash 
memory for system recovery 

• Performance monitoring data available using SNMP 

• Dynamic event and history logging 

• Network boot using a BootP server (RFC 2131, 
RFC 21 32) 

• Syslog server support 

IP Quality of Service (IP QoS) 

• DiffServ traffic prioritization through ToS byte marking 

• Weighted Fair Queuing traffic prioritization 

• Configurable queue weighting 

• Configurable traffic prioritization policies by 

- Date, day of week, and time 

- Source and destination addresses 

- Port, protocol, and application 

High Availability 

• Dial backup support - Integrated v.90 modem 

• Virtual Router Redundancy Protocol (VRRP) (RFC 2338) 
for failover support to other VRRP-capable routers 

Protocols 

ATM 

• Encapsulation (IP, Bridging, and Bridge Encapsulated 
Routing) (RFC 2684/1483) 

• PPP over ATM (LLC and VC multiplexing) (RFC 2364) 

• Classical IP over ATM (RFC 2225) 

• Classical IP (RFC 1577) 

• AAL5 

• Virtual Circuit (VC) traffic shaping (CBR, PCR, UBR, VBR) 

• No pre-defined limit on VCs 

• 1.610 OAM F5 end-to-end and segment LoopBack 

• Initiates and responds to LoopBack signaling 

Frame Relay 

• Support of frame relay ANSI T1 .61 8 and CCITT Q.922 
formats 

• DLCI support 

• Inverse ARP support 

• LMI support including LMI protocol discovery 

• LLCP auto-update 

• CIR & EIR rate enforcement 

• Network congestion management 

PPP (RFC 1661, RFC 2364) 

• PPP over Ethernet (RFC 251 6) 

• PPP over ATM (RFC 2364) 

• Bridging (RFC 1638) 

• IP Routing (RFC 1331) 

• IPX Routing (RFC 1552) 

• Multiclass extensions to MLPPP (RFC 2686) 

• MLPPP (RFC 1990) 

• Data compression of up to 4:1 (STAC™ LZS) (RFC 1 974) 

• Van Jacobson header compression (RFC 1 1 44) 

• Spoofing and filtering (IP-RIP, IPX-RIP, SAP, Watchdog 
serialization) 

• Automatic IP and DNS assignment (RFC 1877) 

Routing 

• TCP/IP with RIP1 (RFC 1 058), RIP1 -compatible and RIP2 
(RFC 1 389), or static routing on the LAN and/or WAN 

• Novell® IPX with RIP/SAP (RFC 1552) 

• DHCP server (RFC 21 31 , RFC 21 32), relay agent (RFC 
1542), and client (RFC 21 32) 

- Automatically defers to other DHCP servers on 
the network 



- Automatically adjusts to changes in LAN IP 
addressing 

- No pre-defined limit on DHCP clients 

• DNS relay 

• Multiple subnets on the LAN support NAT, RIP1 , RIP2, 
ARP and IP filters 

• Virtual routes can be defined based on user IP addresses 
or ranges 

IP Address Translation 

• Network renumbering (RFC 1 631) 

• Network Address Translation (NAT/PAT/NAPT) 

• NAT passthrough support for numerous applications 
including IPSec, PPTP, H.323, SIP and NetMeeting 

• Supports public Web and e-mail servers with NAT 

Hardware Features 
WAN Interface 

• ANSI T1.403 compliant 

• Software-selectable support for all major 
T1 deployments 

-ATM 

- Frame Relay 

- PPP 

- Frame Relay PPP 

• Supports data rates from 64Kbps to 1,544Kbps 

• ESF framing formats 

• B8ZS coding formats 

• Local and remote loopback 

• Facility Data Link (FDL) support 

• BERT (bit error rate testing) support 

LAN Interface 

• Built-in 8-port 10/100Base-T Ethernet switch with link 
status LED for each port 

• Auto detects full or half duplex operation 

• Auto detects regular or crossover cable for easy 
connection to a switch or hub 

• Ports can be configured individually and 
manually for: 

- Enabling/disabling 

- Speed and duplex 

- Port mirroring 

Serial Interface 

One asynchronous serial console port 

VPN Accelerator 

Dedicated encryption processor maximizes IPSec 3DES 
VPN throughput 

Product Enclosure 

• Front panel LED status for Power, Test, WAN, LAN, 
and backup 

• Rear panel LED status for Power, Test, WAN and each 
Ethernet port link 

• Installation options: Desktop, wall mount, or 19" 
rack mount 



SpeedStream 5940 back panel view 
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